2 matches found
CVE-2022-31560
The CVE-2022-31560 entry concerns the uncleYiba/photo_tag repository (up to 2020-08-31). The root cause is unsafe usage of Flask’s send_file, enabling absolute path traversal. The vulnerability manifests as a path traversal issue (no exploits or vectors described beyond this in the provided docs)...
photo_tag 路径遍历漏洞
phototag is a photo tagging tool by the individual developer of Boring YiBa. A security vulnerability exists in phototag version 2020-08-31 and earlier versions, which stems from an incorrect call to Flask's sendfile function that results in absolute path traversal...